Trendnet

Tew-827dru Firmware

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-13276

Exploit
  • EPSS 3.91%
  • Veröffentlicht 10.07.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:36

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing t...

9.8

CVE-2019-13279

Exploit
  • EPSS 5.22%
  • Veröffentlicht 10.07.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:36

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercis...

7.5

CVE-2019-13277

Exploit
  • EPSS 1.7%
  • Veröffentlicht 09.07.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:24:36

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The r...

8.8

CVE-2019-13280

Exploit
  • EPSS 2.49%
  • Veröffentlicht 09.07.2019 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:36

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated us...

8.8

CVE-2019-13148

  • EPSS 4.61%
  • Veröffentlicht 02.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:18

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.

8.8

CVE-2019-13155

  • EPSS 4.61%
  • Veröffentlicht 02.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:19

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.

8.8

CVE-2019-13154

  • EPSS 4.61%
  • Veröffentlicht 02.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:19

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.

8.8

CVE-2019-13153

  • EPSS 4.61%
  • Veröffentlicht 02.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:18

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.

8.8

CVE-2019-13152

  • EPSS 4.61%
  • Veröffentlicht 02.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:18

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.

8.8

CVE-2019-13151

  • EPSS 4.61%
  • Veröffentlicht 02.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:18

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.